Thanks so much for your help, Simon. Here are the reports you requested.

1-Click Answers
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
AG_Easter_Floral Screen Saver
AG_Floral_essence Screen Saver
AG_Ghosts and Phantoms Screen Saver
agcom - Winter Scene Screen Saver
AGcom_MountainScenery Screen Saver
AGcom_VisionsOfParadise Screen Saver
Alien Skin Eye Candy 5 Nature
American Greetings CreataCard
AOL Deskbar
AOL HI-Q Video
AOL Pictures Uploader Plugin v9.3.2.3 (Remove Only)
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOpen FM56-PX Controllerless PCI Modem
AppCore
ArcSoft PhotoImpression 4
Ask Toolbar
AV
Avance AC'97 Audio
ccCommon
CCleaner (remove only)
Chuzzle for Pocket PC
Corel Paint Shop Pro Photo XI
Coupon Printer for Windows
Cribbage Buddy - Pogo Version 1.2
Digimax Reader
Digimax U-CA 5
Digimax Viewer 2.1
DR Systems Web Ambassador
Dream Day First Home
Emperor's Mahjong for PocketPC
FLV Player
FLV Player 2.0, build 23
Google Earth
GoToMeeting/GoToWebinar 3.0.0.198
Hardwood Solitaire Deluxe
Hardwood Solitaire Deluxe
Hexacto ScoreCast
Hidden Expedition - Everest (remove only)
HijackThis 2.0.2
Homestead SiteBuilder LPX
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
hp deskjet 5550 series
hp deskjet 5550 series (Remove only)
HP Driver Diagnostics
hp instant support
hp print screen utility
IBM Flatbed Scanner
Internet Worm Protection
ISScript
iWare iWare Mouse 3.2
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Jasc Paint Shop Pro 9.01 Patch
Java 6 Update 3
Jewel Quest (remove only)
Kaspersky Online Scanner
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Lottso! Deluxe
Macromedia Shockwave Player
Mahjong Garden Deluxe
Matrox Graphics Software (remove only)
Matrox PowerDesk-SE
Meditech Client Server
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft ActiveSync 3.7
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional
Microsoft Outlook 2002
Microsoft Publisher 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Journal Viewer
Mirror Magic Deluxe (remove only)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
NEC DISPLAY SOLUTIONS: Monitor Installer
Nero Suite
Netflix Movie Viewer
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Patiences Gold
Pixelus for Pocket PC
PowerDVD
QuickTime
RealPlayer
Registry Mechanic 6.0
Replay Media Catcher
Rhapsody
Rhapsody Player Engine
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
SPBBC 32bit
Spybot - Search & Destroy
Symantec
Symantec Real Time Storage Protection Component
SymNet
The Poppit! Show
The Print Shop 22
Tri-Peaks Solitaire To Go
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
URGE
Viewpoint Media Player
Virtual Painter
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Install Manager

SDFix: Version 1.131
Run by DEB on Wed 01/23/2008 at 02:16 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\fxtqdrl.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\explorer.exe
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 14:21:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1119318796\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1119318796\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1121563632\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1121563632\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0c\\waol.exe"="C:\\Program Files\\America Online 9.0c\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\Common Files\\AOL\\1123254509\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1123254509\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Enabled:Connection Manager"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\kdx\\KHost.exe"="C:\\WINDOWS\\kdx\\KHost.exe:*:Enabled:Delivery Manager"
"C:\\Program Files\\Common Files\\AOL\\1123254509\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1123254509\\EE\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sat 14 Oct 2006 4 A..H. --- "C:\WINDOWS\uccspecb.sys"
Wed 16 Jan 2008 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 27 Jun 2005 56 ..SHR --- "C:\WINDOWS\system32\A0CE24F11D.sys"
Mon 11 Jul 2005 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe"
Mon 11 Jul 2005 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe"
Thu 16 Feb 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 30 Oct 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP827\A0138312.sys"
Tue 13 Nov 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP827\A0138343.sys"
Tue 13 Nov 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP828\A0138378.sys"
Mon 3 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP847\A0141169.sys"
Tue 4 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP847\A0141209.sys"
Tue 4 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP848\A0142259.sys"
Thu 6 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP849\A0142325.sys"
Thu 6 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP849\A0143365.sys"
Thu 6 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP850\A0143453.sys"
Sat 8 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP850\A0143519.sys"
Sat 8 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP851\A0143591.sys"
Tue 11 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP854\A0144024.sys"
Tue 11 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP855\A0144217.sys"
Wed 12 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP856\A0144357.sys"
Thu 13 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP857\A0144430.sys"
Fri 14 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP857\A0144464.sys"
Sat 15 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP858\A0144521.sys"
Sat 15 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP858\A0144568.sys"
Sun 16 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP860\A0144807.sys"
Thu 20 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP860\A0145802.sys"
Thu 20 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP862\A0146002.sys"
Fri 21 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP865\A0146264.sys"
Tue 25 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP867\A0146434.sys"
Thu 27 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP868\A0146502.sys"
Fri 28 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP868\A0147516.sys"
Sat 29 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP869\A0147560.sys"
Sat 29 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP872\A0148815.sys"
Wed 2 Jan 2008 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP872\A0149804.sys"
Wed 2 Jan 2008 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP875\A0151674.sys"
Sat 5 Jan 2008 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP876\A0151703.sys"
Sun 6 Jan 2008 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP877\A0151754.sys"
Mon 7 Jan 2008 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP878\A0151887.sys"
Wed 9 Jan 2008 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP879\A0151973.sys"
Wed 16 Jan 2008 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP893\A0162883.sys"
Tue 19 Jun 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP818\A0135338.sys"
Tue 13 Nov 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP845\A0141006.sys"
Sun 2 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP846\A0141096.sys"
Sat 8 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP853\A0143938.sys"
Mon 10 Dec 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP853\A0143993.sys"
Wed 9 Jan 2008 2,516 A.SH. --- "C:\System Volume Information\_restore{71EA66A5-B157-4290-8ED6-A6D850093F77}\RP892\A0162880.sys"
Wed 20 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEB\Local Settings\Temp\BITB.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEB\Local Settings\Temp\BIT6.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\DEB\Application Data\U3\temp\Launchpad Removal.exe"
Thu 16 Feb 2006 20 A..H. --- "C:\Documents and Settings\DEB\Application Data\Real\Rhapsody\wmlicbackup\drmv1lic.bak"
Thu 16 Feb 2006 4,348 ...H. --- "C:\Documents and Settings\DEB\Application Data\Real\Rhapsody\wmlicbackup\drmv1key.bak"
Mon 1 Aug 2005 312 A.SH. --- "C:\Documents and Settings\DEB\Application Data\Real\Rhapsody\wmlicbackup\drmv2key.bak"
Wed 13 Jul 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Fri 12 Aug 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:33 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\iWare\iWare Mouse\3.2\lwbwheel.exe
C:\Program Files\Common Files\AOL\1123254509\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\1-Click Answers\answers.exe
C:\PROGRA~1\1-CLIC~1\agtserv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\iWare\iWare Mouse\3.2\lwbwheel.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1123254509\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] "C:\WINDOWS\System32\PDesk\PDesk.exe" /Autolaunch
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.co...nipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://game1.pogo.co...erInstaller.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.h...nosticsxp2k.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homes...ive/HS_live.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://ispe.sdc.hp.c...SWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1119050019217
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolc...der.9.3.2.3.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.co...bugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.co...mesLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.groups...plorer1_9us.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{276EB735-8197-47C5-96A7-2B3EF5E61E12}: NameServer = 209.206.184.249,199.96.34.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{89C44840-130C-4782-A307-2E52C1E78EAF}: NameServer = 209.206.184.249,199.96.34.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCC7378C-DD31-431A-B380-2016D34F10E1}: NameServer = 209.206.184.249,199.96.34.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{276EB735-8197-47C5-96A7-2B3EF5E61E12}: NameServer = 209.206.184.249,199.96.34.33
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 12026 bytes